github
diff --git a/‎java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected
Lines changed: 13 additions & 8 deletions b/‎java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.expected
Lines changed: 13 additions & 8 deletions
diff --git a/‎java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.qlref
Lines changed: 2 additions & 1 deletion b/‎java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipSlip.qlref
Lines changed: 2 additions & 1 deletion
diff --git a/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected
Lines changed: 29 additions & 21 deletions b/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected
Lines changed: 29 additions & 21 deletions
diff --git a/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.qlref
Lines changed: 2 additions & 1 deletion b/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.qlref
Lines changed: 2 additions & 1 deletion
@@ -1,9 +1,18 @@
+#select
+| ZipTest.java:7:19:7:33 | getName(...) | ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:9:48:9:51 | file | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipTest.java:9:48:9:51 | file | file system operation |
+| ZipTest.java:7:19:7:33 | getName(...) | ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:10:49:10:52 | file | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipTest.java:10:49:10:52 | file | file system operation |
+| ZipTest.java:7:19:7:33 | getName(...) | ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:11:36:11:39 | file | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipTest.java:11:36:11:39 | file | file system operation |
 edges
 | ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:8:31:8:34 | name : String | provenance |  |
-| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:9:48:9:51 | file | provenance |  Sink:MaD:42557 |
-| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:10:49:10:52 | file | provenance |  Sink:MaD:42593 |
-| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:11:36:11:39 | file | provenance |  Sink:MaD:42565 |
-| ZipTest.java:8:31:8:34 | name : String | ZipTest.java:8:17:8:35 | new File(...) : File | provenance | MaD:42614 |
+| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:9:48:9:51 | file | provenance |  Sink:MaD:1 |
+| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:10:49:10:52 | file | provenance |  Sink:MaD:3 |
+| ZipTest.java:8:17:8:35 | new File(...) : File | ZipTest.java:11:36:11:39 | file | provenance |  Sink:MaD:2 |
+| ZipTest.java:8:31:8:34 | name : String | ZipTest.java:8:17:8:35 | new File(...) : File | provenance | MaD:4 |
+models
+| 1 | Sink: java.io; FileOutputStream; false; FileOutputStream; ; ; Argument[0]; path-injection; manual |
+| 2 | Sink: java.io; FileWriter; false; FileWriter; ; ; Argument[0]; path-injection; manual |
+| 3 | Sink: java.io; RandomAccessFile; false; RandomAccessFile; ; ; Argument[0]; path-injection; manual |
+| 4 | Summary: java.io; File; false; File; ; ; Argument[1]; Argument[this]; taint; manual |
 nodes
 | ZipTest.java:7:19:7:33 | getName(...) : String | semmle.label | getName(...) : String |
 | ZipTest.java:8:17:8:35 | new File(...) : File | semmle.label | new File(...) : File |
@@ -12,7 +21,3 @@ nodes
 | ZipTest.java:10:49:10:52 | file | semmle.label | file |
 | ZipTest.java:11:36:11:39 | file | semmle.label | file |
 subpaths
-#select
-| ZipTest.java:7:19:7:33 | getName(...) | ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:9:48:9:51 | file | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipTest.java:9:48:9:51 | file | file system operation |
-| ZipTest.java:7:19:7:33 | getName(...) | ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:10:49:10:52 | file | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipTest.java:10:49:10:52 | file | file system operation |
-| ZipTest.java:7:19:7:33 | getName(...) | ZipTest.java:7:19:7:33 | getName(...) : String | ZipTest.java:11:36:11:39 | file | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipTest.java:11:36:11:39 | file | file system operation |
 
@@ -1 +1,2 @@
-Security/CWE/CWE-022/ZipSlip.ql
+query: Security/CWE/CWE-022/ZipSlip.ql
+postprocess: TestUtilities/PrettyPrintModels.ql
@@ -1,25 +1,44 @@
+#select
+| Mongo.java:17:45:17:67 | parse(...) | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:17:45:17:67 | parse(...) | This query depends on a $@. | Mongo.java:10:29:10:41 | args | user-provided value |
+| Mongo.java:21:49:21:52 | json | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:21:49:21:52 | json | This query depends on a $@. | Mongo.java:10:29:10:41 | args | user-provided value |
+| Test.java:36:47:36:52 | query1 | Test.java:227:26:227:38 | args : String[] | Test.java:36:47:36:52 | query1 | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
+| Test.java:42:57:42:62 | query2 | Test.java:227:26:227:38 | args : String[] | Test.java:42:57:42:62 | query2 | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
+| Test.java:50:62:50:67 | query3 | Test.java:227:26:227:38 | args : String[] | Test.java:50:62:50:67 | query3 | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
+| Test.java:62:47:62:61 | querySbToString | Test.java:227:26:227:38 | args : String[] | Test.java:62:47:62:61 | querySbToString | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
+| Test.java:70:40:70:44 | query | Test.java:227:26:227:38 | args : String[] | Test.java:70:40:70:44 | query | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
+| Test.java:78:46:78:50 | query | Test.java:227:26:227:38 | args : String[] | Test.java:78:46:78:50 | query | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
+| Test.java:209:47:209:68 | queryWithUserTableName | Test.java:227:26:227:38 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
+| Test.java:221:81:221:111 | ... + ... | Test.java:227:26:227:38 | args : String[] | Test.java:221:81:221:111 | ... + ... | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
 edges
 | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:17:56:17:66 | stringQuery : String | provenance |  |
 | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:21:49:21:52 | json | provenance |  |
 | Mongo.java:17:56:17:66 | stringQuery : String | Mongo.java:17:45:17:67 | parse(...) | provenance | Config |
-| Test.java:29:30:29:42 | args : String[] | Test.java:36:47:36:52 | query1 | provenance |  Sink:MaD:43208 |
-| Test.java:29:30:29:42 | args : String[] | Test.java:42:57:42:62 | query2 | provenance |  Sink:MaD:43196 |
-| Test.java:29:30:29:42 | args : String[] | Test.java:50:62:50:67 | query3 | provenance |  Sink:MaD:43197 |
+| Test.java:29:30:29:42 | args : String[] | Test.java:36:47:36:52 | query1 | provenance |  Sink:MaD:6 |
+| Test.java:29:30:29:42 | args : String[] | Test.java:42:57:42:62 | query2 | provenance |  Sink:MaD:3 |
+| Test.java:29:30:29:42 | args : String[] | Test.java:50:62:50:67 | query3 | provenance |  Sink:MaD:4 |
 | Test.java:29:30:29:42 | args : String[] | Test.java:58:19:58:26 | category : String | provenance |  |
-| Test.java:29:30:29:42 | args : String[] | Test.java:70:40:70:44 | query | provenance |  Sink:MaD:43209 |
-| Test.java:29:30:29:42 | args : String[] | Test.java:78:46:78:50 | query | provenance |  Sink:MaD:43207 |
+| Test.java:29:30:29:42 | args : String[] | Test.java:70:40:70:44 | query | provenance |  Sink:MaD:7 |
+| Test.java:29:30:29:42 | args : String[] | Test.java:78:46:78:50 | query | provenance |  Sink:MaD:5 |
 | Test.java:58:4:58:10 | querySb [post update] : StringBuilder | Test.java:60:29:60:35 | querySb : StringBuilder | provenance |  |
-| Test.java:58:19:58:26 | category : String | Test.java:58:4:58:10 | querySb [post update] : StringBuilder | provenance | MaD:42712 |
-| Test.java:60:29:60:35 | querySb : StringBuilder | Test.java:60:29:60:46 | toString(...) : String | provenance | MaD:42727 |
-| Test.java:60:29:60:46 | toString(...) : String | Test.java:62:47:62:61 | querySbToString | provenance |  Sink:MaD:43208 |
-| Test.java:183:33:183:45 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | provenance |  Sink:MaD:43208 |
-| Test.java:213:34:213:46 | args : String[] | Test.java:221:81:221:111 | ... + ... | provenance |  Sink:MaD:43208 |
+| Test.java:58:19:58:26 | category : String | Test.java:58:4:58:10 | querySb [post update] : StringBuilder | provenance | MaD:1 |
+| Test.java:60:29:60:35 | querySb : StringBuilder | Test.java:60:29:60:46 | toString(...) : String | provenance | MaD:2 |
+| Test.java:60:29:60:46 | toString(...) : String | Test.java:62:47:62:61 | querySbToString | provenance |  Sink:MaD:6 |
+| Test.java:183:33:183:45 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | provenance |  Sink:MaD:6 |
+| Test.java:213:34:213:46 | args : String[] | Test.java:221:81:221:111 | ... + ... | provenance |  Sink:MaD:6 |
 | Test.java:227:26:227:38 | args : String[] | Test.java:228:11:228:14 | args : String[] | provenance |  |
 | Test.java:227:26:227:38 | args : String[] | Test.java:232:14:232:17 | args : String[] | provenance |  |
 | Test.java:227:26:227:38 | args : String[] | Test.java:233:15:233:18 | args : String[] | provenance |  |
 | Test.java:228:11:228:14 | args : String[] | Test.java:29:30:29:42 | args : String[] | provenance |  |
 | Test.java:232:14:232:17 | args : String[] | Test.java:183:33:183:45 | args : String[] | provenance |  |
 | Test.java:233:15:233:18 | args : String[] | Test.java:213:34:213:46 | args : String[] | provenance |  |
+models
+| 1 | Summary: java.lang; AbstractStringBuilder; true; append; ; ; Argument[0]; Argument[this]; taint; manual |
+| 2 | Summary: java.lang; CharSequence; true; toString; ; ; Argument[this]; ReturnValue; taint; manual |
+| 3 | Sink: java.sql; Connection; true; prepareCall; ; ; Argument[0]; sql-injection; manual |
+| 4 | Sink: java.sql; Connection; true; prepareStatement; ; ; Argument[0]; sql-injection; manual |
+| 5 | Sink: java.sql; Statement; true; executeLargeUpdate; ; ; Argument[0]; sql-injection; manual |
+| 6 | Sink: java.sql; Statement; true; executeQuery; ; ; Argument[0]; sql-injection; manual |
+| 7 | Sink: java.sql; Statement; true; executeUpdate; ; ; Argument[0]; sql-injection; manual |
 nodes
 | Mongo.java:10:29:10:41 | args : String[] | semmle.label | args : String[] |
 | Mongo.java:17:45:17:67 | parse(...) | semmle.label | parse(...) |
@@ -45,14 +64,3 @@ nodes
 | Test.java:232:14:232:17 | args : String[] | semmle.label | args : String[] |
 | Test.java:233:15:233:18 | args : String[] | semmle.label | args : String[] |
 subpaths
-#select
-| Mongo.java:17:45:17:67 | parse(...) | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:17:45:17:67 | parse(...) | This query depends on a $@. | Mongo.java:10:29:10:41 | args | user-provided value |
-| Mongo.java:21:49:21:52 | json | Mongo.java:10:29:10:41 | args : String[] | Mongo.java:21:49:21:52 | json | This query depends on a $@. | Mongo.java:10:29:10:41 | args | user-provided value |
-| Test.java:36:47:36:52 | query1 | Test.java:227:26:227:38 | args : String[] | Test.java:36:47:36:52 | query1 | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
-| Test.java:42:57:42:62 | query2 | Test.java:227:26:227:38 | args : String[] | Test.java:42:57:42:62 | query2 | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
-| Test.java:50:62:50:67 | query3 | Test.java:227:26:227:38 | args : String[] | Test.java:50:62:50:67 | query3 | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
-| Test.java:62:47:62:61 | querySbToString | Test.java:227:26:227:38 | args : String[] | Test.java:62:47:62:61 | querySbToString | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
-| Test.java:70:40:70:44 | query | Test.java:227:26:227:38 | args : String[] | Test.java:70:40:70:44 | query | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
-| Test.java:78:46:78:50 | query | Test.java:227:26:227:38 | args : String[] | Test.java:78:46:78:50 | query | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
-| Test.java:209:47:209:68 | queryWithUserTableName | Test.java:227:26:227:38 | args : String[] | Test.java:209:47:209:68 | queryWithUserTableName | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
-| Test.java:221:81:221:111 | ... + ... | Test.java:227:26:227:38 | args : String[] | Test.java:221:81:221:111 | ... + ... | This query depends on a $@. | Test.java:227:26:227:38 | args | user-provided value |
 
@@ -1 +1,2 @@
-Security/CWE/CWE-089/SqlTainted.ql
+query: Security/CWE/CWE-089/SqlTainted.ql
+postprocess: TestUtilities/PrettyPrintModels.ql
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		`-Security/CWE/CWE-022/ZipSlip.ql`
	`1`	`+query: Security/CWE/CWE-022/ZipSlip.ql`
	`2`	`+postprocess: TestUtilities/PrettyPrintModels.ql`
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		`-Security/CWE/CWE-089/SqlTainted.ql`
	`1`	`+query: Security/CWE/CWE-089/SqlTainted.ql`
	`2`	`+postprocess: TestUtilities/PrettyPrintModels.ql`